Privacy Policy

1. Introduction

Welcome to Flopinio ("Flopinio," "we," "our," or "us"), a context-to-execution system for client work operated by DUMRAIT S.R.L., a company legally registered in the Republic of Moldova with registration number 1021600002558. Our public contact location is Chișinău, Moldova.

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use Flopinio's website, product, support channels, billing flows, and related services.

This policy is intended to support our GDPR and similar privacy-law compliance obligations. It should be read together with our Cookies Policy and Terms of Service.

2. Information We Collect

2.1 Account and Contact Information

• Name, email address, phone number, organization details, and profile fields such as first name, last name, and display name
• Account credentials, password-state records, linked sign-in providers, and authentication-related records
• Profile settings, preferences, and membership details
• Support and communications records

2.2 Workspace and Usage Data

• Requests, projects, notes, tasks, decisions, invoices, and related context you create
• Time tracking records, work logs, and collaboration metadata
• Invoice payment, reminder, viewed, sent, overdue, and lifecycle event records
• Recurring workflow templates, workflow instances, generated record links, and automation recommendation state
• Demo and sandbox workspace records where you choose to create a demo workspace
• Agent runtime records such as runs, approvals, tool activity, and usage summaries
• Product usage patterns, feature interactions, and service diagnostics

2.3 Technical and Billing Data

• IP address, browser type, operating system, device characteristics, and log data
• Session-cookie and security-related browser data described in our Cookies Policy
• Opt-in public analytics data such as page visits, referrers, device/browser characteristics, navigation patterns, and usability interaction data from Google Analytics 4 and Microsoft Clarity
• OAuth-provider account data needed to sign you in or link a provider identity to an existing account
• Google API data from integrations you explicitly enable, such as Gmail thread metadata and message bodies for External Inbox triage or Google Calendar event data for approved calendar workflows
• Subscription, billing, transaction, and payment-processor metadata

3. How We Use Your Information

We use personal data to:

• Provide the service: operate Flopinio's client-work, billing, and runtime workflows
• Manage accounts and organizations: create accounts, manage access, and support workspace administration
• Complete account setup: infer or store profile identity fields, track whether a user has created a local password, and keep incomplete accounts in a restricted mode until setup is finished
• Process subscriptions and commercial records: administer plans, billing, invoice follow-through, payment records, reminders, and payment operations through Paddle and related billing services
• Support AI-powered features: run grounded agent and summarization workflows through our approved runtime provider adapters
• Maintain security: detect abuse, investigate incidents, and protect user accounts and platform infrastructure
• Improve the platform: debug issues, understand product usage, and improve reliability and product quality
• Comply with legal obligations: satisfy accounting, tax, audit, and regulatory requirements

4. Legal Bases for Processing

Where GDPR applies, we process personal data on the basis of:

• Performance of a contract: to provide Flopinio and related support or billing services
• Legitimate interests: to secure, operate, improve, and monitor the service
• Consent: where we ask for it for optional communications or non-essential analytics cookies and similar tracking technologies
• Legal obligation: where processing is required by tax, accounting, regulatory, or law-enforcement obligations

5. Sharing and Disclosure

We may share information with:

• Workspace members: when data is intentionally shared within your organization for collaboration
• Infrastructure and service providers: hosting, email, support, and operational vendors who help us run Flopinio
• Payment processors: Paddle and related billing providers for subscription and transaction management
• AI and model providers: approved provider integrations used through Flopinio's runtime adapter layer to deliver AI-assisted features when enabled
• Professional advisers and authorities: where required for legal compliance, rights protection, fraud prevention, or dispute handling

We do not sell your personal data to third parties for their own advertising purposes.

6. Google API Limited Use

Flopinio's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We use Google user data only to provide user-facing Flopinio features that you enable, such as connecting Gmail messages to External Inbox, drafting approved Gmail replies, or listing and creating approved Google Calendar actions. We do not use Google user data for advertising, do not sell it, and do not allow humans to read it except where required for security, support, legal compliance, or with your explicit permission.

You can disconnect Google integrations from Account or Settings. Disconnecting revokes the Google token where supported and deletes the connected integration account and synced integration records from active Flopinio storage according to the retention rules below.

7. Data Security

We use technical and organizational safeguards designed to protect your data, including:

• Encrypted transport, access controls, and environment-level security protections
• Signed authentication cookies backed by server-side session records with bounded session lifetime and revocation controls
• Linked OAuth identities, generated-versus-user-set local password state, and authenticated-shell completion safeguards for OAuth-created accounts
• Multi-factor authentication (MFA) for privileged accounts, plus recent identity confirmation for certain sensitive actions
• Role-based access controls and organization scoping within the application
• Operational logging, security-event review, and incident-response processes that support investigation and observability

8. Your Rights

Depending on your jurisdiction, you may have rights to:

• Access, correct, or delete your personal data
• Restrict or object to certain processing
• Request portability of the data you provided to us
• Withdraw consent where processing depends on consent
• Lodge a complaint with a supervisory authority

To exercise these rights, contact us at [email protected].

9. Data Retention

We retain personal data only for as long as needed for the purposes described in this policy, including:

• Account and organization records for the duration of the account relationship and a limited backup/recovery period afterward
• Workspace and business records for as long as needed to provide the service or satisfy legal and contractual obligations
• Synced Google integration items while the integration remains connected, unless you delete or request deletion earlier
• Billing and accounting records for the periods required by tax, accounting, and audit laws
• Operational and security logs for limited periods appropriate to security, debugging, and compliance needs

10. International Transfers

Your data may be processed in countries outside your country of residence. Where required, we use appropriate safeguards for international transfers, such as contractual protections and provider commitments designed to support lawful data transfer.

11. Cookies and Similar Technologies

Flopinio relies on essential first-party cookies to maintain authenticated sessions, bind browsers to server-side session records, support OAuth-authenticated product access, and power account-security features such as session expiration, completion-state enforcement, and related verification flows. Ahoy is configured without cookies.

Public pages may offer opt-in analytics through Google Analytics 4 and Microsoft Clarity. We do not load those public analytics scripts until a visitor accepts analytics cookies. If accepted, analytics helps us understand public-site visits, navigation, aggregate measurement, heatmaps, session replay, and usability issues so we can improve the website and product experience.

We do not intentionally send account emails, names, workspace content, form contents, or customer-visible text to public analytics providers. When configured, signed-in product users may separately be asked to opt in to Microsoft Clarity product analytics using internal user IDs and limited product tags such as role and organization ID.

For more detail, see our Cookies Policy.

12. Children's Privacy

Flopinio is not intended for children under 16 years of age, and we do not knowingly collect personal information from children under 16. If you believe a child has provided personal data to us, please contact us so we can investigate and respond appropriately.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our service, legal obligations, or data practices. If we make material changes, we will update the effective date on this page and may provide additional notice through the product or by email where appropriate.

14. Contact Information

For questions about this Privacy Policy or our privacy practices, please contact us: